Support Center > Search Results > SecureKnowledge Details
How to bind SNMPD on SecurePlatform OS to specific interface Technical Level
Symptoms
  • It is not possible to send SNMP Response / SNMP Trap from specific IP address.

  • SNMP Query to a remote machine over VPN tunnel fails because SNMP Response is dropped.
    SmartView Tracker shows the following logs:

    • SNMP Request - is decrypted

      Origin: GATEWAY_NAME
      Type: Log
      Action: Decrypt
      Service: snmp (161)
      Source Port: SOURCE_PORT
      Source: SOURCE_MACHINE_ADDRESS
      Destination: DESTINATION_MACHINE_ADDRESS
      Protocol: udp
      Community: COMMUNITY_NAME
      Information: inzone: External
                         outzone: Local
      service_id: snmp
      VPN Peer Gateway: VPN_PEER_GW_OBJECT
      Subproduct: VPN
      VPN Feature: VPN
      Product: Security Gateway/Management

    • SNMP Response - is dropped

      Origin: GATEWAY_NAME
      Type: Log
      Action: Drop
      Service: SOURCE_PORT
      Source Port: snmp-read (161)
      Source: GATEWAY_NAME
      Destination: SOURCE_MACHINE_ADDRESS
      Protocol: udp
      Product: Security Gateway/Management
Cause

By default, the SNMPD daemon and the 'cp_monitor' are bound to localhost address. As a result, SNMP Response / SNMP Trap might be sent from an IP address that is not a part of an encryption domain.


Solution
Note: To view this solution you need to Sign In .